diff --git a/doc/ir/lift.ipynb b/doc/ir/lift.ipynb index aaa20a0b8..56ce6fbd3 100644 --- a/doc/ir/lift.ipynb +++ b/doc/ir/lift.ipynb @@ -1729,7 +1729,7 @@ "\n", "```\n", "\n", - "This is the generic code used in `x86_64` to model function calls. But you can finely model functions. For example, suppose you are analysing code on `x86_32` with `stdcall` convention. Suppose you know the callee clean its stack arguments. Supppose as well you know for each function how many arguments it has. You can then customize the model to match the callee and compute the correct stack modification, as well as getting the arguments from stack:\n", + "This is the generic code used in `x86_64` to model function calls. But you can finely model functions. For example, suppose you are analysing code on `x86_32` with `stdcall` convention. Suppose you know the callee clean its stack arguments. Suppose as well you know for each function how many arguments it has. You can then customize the model to match the callee and compute the correct stack modification, as well as getting the arguments from stack:\n", "\n", "\n", "\n" diff --git a/doc/locationdb/locationdb.ipynb b/doc/locationdb/locationdb.ipynb index 33a18930f..09e47ca66 100644 --- a/doc/locationdb/locationdb.ipynb +++ b/doc/locationdb/locationdb.ipynb @@ -5,13 +5,13 @@ "metadata": {}, "source": [ "# LocationDB object \n", - "The `LocationDB` is the Miasm object responsible of the symbols' management. A `Location` is an object representing a code or data (or anywhere else) position. As the name explicits it, the `LocationDB` is a database of locations. Here are some rules:\n", + "The `LocationDB` is the Miasm object responsible of the symbols' management. A `Location` is an object representing a code or data (or anywhere else) position. As the name says, the `LocationDB` is a database of locations. Here are some rules:\n", "- each location has exactly *one* associated `LocKey`\n", "- a `LocKey` is linked to a unique `LocationDB` (and must not be used in another `LocationDB`)\n", "- a `LocKey` is very similar to primary key object in a database.\n", "- a `LocKey` can have an optional *offset*.\n", "- a `LocKey` can have multiple symbol names\n", - "- two `Lockey`s cannot share an identic offset\n", + "- two `Lockey`s cannot share an identical offset\n", "- two `LocKey`s cannot share a symbol name\n", "\n", "Below are manipulations of the `LocationDB`" diff --git a/example/disasm/dis_binary.py b/example/disasm/dis_binary.py index af140f289..cf927adb3 100644 --- a/example/disasm/dis_binary.py +++ b/example/disasm/dis_binary.py @@ -8,7 +8,7 @@ loc_db = LocationDB() # The Container will provide a *bin_stream*, bytes source for the disasm engine -# It will prodive a view from a PE or an ELF. +# It will provide a view from a PE or an ELF. cont = Container.from_stream(fdesc, loc_db) # The Machine, instantiated with the detected architecture, will provide tools diff --git a/example/expression/interfer.py b/example/expression/interfer.py deleted file mode 100644 index 7e660b9b4..000000000 --- a/example/expression/interfer.py +++ /dev/null @@ -1,113 +0,0 @@ -from miasm.analysis.data_flow import State -from miasm.expression.expression import * - -""" -Test memory interferences - -A memory interference may appear when two ExprMem objects relate to the same area of memory: editing one may impact the other. -""" - -a32 = ExprId('a', 32) -b32 = ExprId('b', 32) - -a64 = ExprId('a', 64) -b64 = ExprId('b', 64) - -mem_a32_32 = ExprMem(a32, 32) -mem_b32_32 = ExprMem(b32, 32) - -mem_a64_32 = ExprMem(a64, 32) - -mem_a32_m1_8 = ExprMem(a32 + ExprInt(-1, 32), 8) -mem_a32_p0_8 = ExprMem(a32, 8) -mem_a32_p1_8 = ExprMem(a32 + ExprInt(1, 32), 8) -mem_a32_p2_8 = ExprMem(a32 + ExprInt(2, 32), 8) -mem_a32_p3_8 = ExprMem(a32 + ExprInt(3, 32), 8) -mem_a32_p4_8 = ExprMem(a32 + ExprInt(4, 32), 8) - - -mem_a32_m4_32 = ExprMem(a32 + ExprInt(-4, 32), 32) -mem_a32_m3_32 = ExprMem(a32 + ExprInt(-3, 32), 32) -mem_a32_m2_32 = ExprMem(a32 + ExprInt(-2, 32), 32) -mem_a32_m1_32 = ExprMem(a32 + ExprInt(-1, 32), 32) -mem_a32_p0_32 = ExprMem(a32, 32) -mem_a32_p1_32 = ExprMem(a32 + ExprInt(1, 32), 32) -mem_a32_p2_32 = ExprMem(a32 + ExprInt(2, 32), 32) -mem_a32_p3_32 = ExprMem(a32 + ExprInt(3, 32), 32) -mem_a32_p4_32 = ExprMem(a32 + ExprInt(4, 32), 32) - - -mem_a64_m4_32 = ExprMem(a64 + ExprInt(-4, 64), 32) -mem_a64_m3_32 = ExprMem(a64 + ExprInt(-3, 64), 32) -mem_a64_m2_32 = ExprMem(a64 + ExprInt(-2, 64), 32) -mem_a64_m1_32 = ExprMem(a64 + ExprInt(-1, 64), 32) -mem_a64_p0_32 = ExprMem(a64, 32) -mem_a64_p1_32 = ExprMem(a64 + ExprInt(1, 64), 32) -mem_a64_p2_32 = ExprMem(a64 + ExprInt(2, 64), 32) -mem_a64_p3_32 = ExprMem(a64 + ExprInt(3, 64), 32) -mem_a64_p4_32 = ExprMem(a64 + ExprInt(4, 64), 32) - - -state = State() - - -assert state.may_interfer(set([mem_a32_32]), mem_b32_32) == True -assert state.may_interfer(set([mem_b32_32]), mem_a32_32) == True - -# Test 8 bit accesses -assert state.may_interfer(set([mem_a32_m1_8]), mem_a32_32) == False -assert state.may_interfer(set([mem_a32_p0_8]), mem_a32_32) == True -assert state.may_interfer(set([mem_a32_p1_8]), mem_a32_32) == True -assert state.may_interfer(set([mem_a32_p2_8]), mem_a32_32) == True -assert state.may_interfer(set([mem_a32_p3_8]), mem_a32_32) == True -assert state.may_interfer(set([mem_a32_p4_8]), mem_a32_32) == False - -assert state.may_interfer(set([mem_a32_32]), mem_a32_m1_8) == False -assert state.may_interfer(set([mem_a32_32]), mem_a32_p0_8) == True -assert state.may_interfer(set([mem_a32_32]), mem_a32_p1_8) == True -assert state.may_interfer(set([mem_a32_32]), mem_a32_p2_8) == True -assert state.may_interfer(set([mem_a32_32]), mem_a32_p3_8) == True -assert state.may_interfer(set([mem_a32_32]), mem_a32_p4_8) == False - - -# Test 32 bit accesses -assert state.may_interfer(set([mem_a32_m4_32]), mem_a32_32) == False -assert state.may_interfer(set([mem_a32_m3_32]), mem_a32_32) == True -assert state.may_interfer(set([mem_a32_m2_32]), mem_a32_32) == True -assert state.may_interfer(set([mem_a32_m1_32]), mem_a32_32) == True -assert state.may_interfer(set([mem_a32_p0_32]), mem_a32_32) == True -assert state.may_interfer(set([mem_a32_p1_32]), mem_a32_32) == True -assert state.may_interfer(set([mem_a32_p2_32]), mem_a32_32) == True -assert state.may_interfer(set([mem_a32_p3_32]), mem_a32_32) == True -assert state.may_interfer(set([mem_a32_p4_32]), mem_a32_32) == False - -assert state.may_interfer(set([mem_a32_32]), mem_a32_m4_32) == False -assert state.may_interfer(set([mem_a32_32]), mem_a32_m3_32) == True -assert state.may_interfer(set([mem_a32_32]), mem_a32_m2_32) == True -assert state.may_interfer(set([mem_a32_32]), mem_a32_m1_32) == True -assert state.may_interfer(set([mem_a32_32]), mem_a32_p0_32) == True -assert state.may_interfer(set([mem_a32_32]), mem_a32_p1_32) == True -assert state.may_interfer(set([mem_a32_32]), mem_a32_p2_32) == True -assert state.may_interfer(set([mem_a32_32]), mem_a32_p3_32) == True -assert state.may_interfer(set([mem_a32_32]), mem_a32_p4_32) == False - -# Test 32 bit accesses with 64 bit memory address -assert state.may_interfer(set([mem_a64_m4_32]), mem_a64_32) == False -assert state.may_interfer(set([mem_a64_m3_32]), mem_a64_32) == True -assert state.may_interfer(set([mem_a64_m2_32]), mem_a64_32) == True -assert state.may_interfer(set([mem_a64_m1_32]), mem_a64_32) == True -assert state.may_interfer(set([mem_a64_p0_32]), mem_a64_32) == True -assert state.may_interfer(set([mem_a64_p1_32]), mem_a64_32) == True -assert state.may_interfer(set([mem_a64_p2_32]), mem_a64_32) == True -assert state.may_interfer(set([mem_a64_p3_32]), mem_a64_32) == True -assert state.may_interfer(set([mem_a64_p4_32]), mem_a64_32) == False - -assert state.may_interfer(set([mem_a64_32]), mem_a64_m4_32) == False -assert state.may_interfer(set([mem_a64_32]), mem_a64_m3_32) == True -assert state.may_interfer(set([mem_a64_32]), mem_a64_m2_32) == True -assert state.may_interfer(set([mem_a64_32]), mem_a64_m1_32) == True -assert state.may_interfer(set([mem_a64_32]), mem_a64_p0_32) == True -assert state.may_interfer(set([mem_a64_32]), mem_a64_p1_32) == True -assert state.may_interfer(set([mem_a64_32]), mem_a64_p2_32) == True -assert state.may_interfer(set([mem_a64_32]), mem_a64_p3_32) == True -assert state.may_interfer(set([mem_a64_32]), mem_a64_p4_32) == False diff --git a/example/expression/interfere.py b/example/expression/interfere.py new file mode 100644 index 000000000..83a7adb58 --- /dev/null +++ b/example/expression/interfere.py @@ -0,0 +1,113 @@ +from miasm.analysis.data_flow import State +from miasm.expression.expression import * + +""" +Test memory interferences + +A memory interference may appear when two ExprMem objects relate to the same area of memory: editing one may impact the other. +""" + +a32 = ExprId('a', 32) +b32 = ExprId('b', 32) + +a64 = ExprId('a', 64) +b64 = ExprId('b', 64) + +mem_a32_32 = ExprMem(a32, 32) +mem_b32_32 = ExprMem(b32, 32) + +mem_a64_32 = ExprMem(a64, 32) + +mem_a32_m1_8 = ExprMem(a32 + ExprInt(-1, 32), 8) +mem_a32_p0_8 = ExprMem(a32, 8) +mem_a32_p1_8 = ExprMem(a32 + ExprInt(1, 32), 8) +mem_a32_p2_8 = ExprMem(a32 + ExprInt(2, 32), 8) +mem_a32_p3_8 = ExprMem(a32 + ExprInt(3, 32), 8) +mem_a32_p4_8 = ExprMem(a32 + ExprInt(4, 32), 8) + + +mem_a32_m4_32 = ExprMem(a32 + ExprInt(-4, 32), 32) +mem_a32_m3_32 = ExprMem(a32 + ExprInt(-3, 32), 32) +mem_a32_m2_32 = ExprMem(a32 + ExprInt(-2, 32), 32) +mem_a32_m1_32 = ExprMem(a32 + ExprInt(-1, 32), 32) +mem_a32_p0_32 = ExprMem(a32, 32) +mem_a32_p1_32 = ExprMem(a32 + ExprInt(1, 32), 32) +mem_a32_p2_32 = ExprMem(a32 + ExprInt(2, 32), 32) +mem_a32_p3_32 = ExprMem(a32 + ExprInt(3, 32), 32) +mem_a32_p4_32 = ExprMem(a32 + ExprInt(4, 32), 32) + + +mem_a64_m4_32 = ExprMem(a64 + ExprInt(-4, 64), 32) +mem_a64_m3_32 = ExprMem(a64 + ExprInt(-3, 64), 32) +mem_a64_m2_32 = ExprMem(a64 + ExprInt(-2, 64), 32) +mem_a64_m1_32 = ExprMem(a64 + ExprInt(-1, 64), 32) +mem_a64_p0_32 = ExprMem(a64, 32) +mem_a64_p1_32 = ExprMem(a64 + ExprInt(1, 64), 32) +mem_a64_p2_32 = ExprMem(a64 + ExprInt(2, 64), 32) +mem_a64_p3_32 = ExprMem(a64 + ExprInt(3, 64), 32) +mem_a64_p4_32 = ExprMem(a64 + ExprInt(4, 64), 32) + + +state = State() + + +assert state.may_interfere(set([mem_a32_32]), mem_b32_32) == True +assert state.may_interfere(set([mem_b32_32]), mem_a32_32) == True + +# Test 8 bit accesses +assert state.may_interfere(set([mem_a32_m1_8]), mem_a32_32) == False +assert state.may_interfere(set([mem_a32_p0_8]), mem_a32_32) == True +assert state.may_interfere(set([mem_a32_p1_8]), mem_a32_32) == True +assert state.may_interfere(set([mem_a32_p2_8]), mem_a32_32) == True +assert state.may_interfere(set([mem_a32_p3_8]), mem_a32_32) == True +assert state.may_interfere(set([mem_a32_p4_8]), mem_a32_32) == False + +assert state.may_interfere(set([mem_a32_32]), mem_a32_m1_8) == False +assert state.may_interfere(set([mem_a32_32]), mem_a32_p0_8) == True +assert state.may_interfere(set([mem_a32_32]), mem_a32_p1_8) == True +assert state.may_interfere(set([mem_a32_32]), mem_a32_p2_8) == True +assert state.may_interfere(set([mem_a32_32]), mem_a32_p3_8) == True +assert state.may_interfere(set([mem_a32_32]), mem_a32_p4_8) == False + + +# Test 32 bit accesses +assert state.may_interfere(set([mem_a32_m4_32]), mem_a32_32) == False +assert state.may_interfere(set([mem_a32_m3_32]), mem_a32_32) == True +assert state.may_interfere(set([mem_a32_m2_32]), mem_a32_32) == True +assert state.may_interfere(set([mem_a32_m1_32]), mem_a32_32) == True +assert state.may_interfere(set([mem_a32_p0_32]), mem_a32_32) == True +assert state.may_interfere(set([mem_a32_p1_32]), mem_a32_32) == True +assert state.may_interfere(set([mem_a32_p2_32]), mem_a32_32) == True +assert state.may_interfere(set([mem_a32_p3_32]), mem_a32_32) == True +assert state.may_interfere(set([mem_a32_p4_32]), mem_a32_32) == False + +assert state.may_interfere(set([mem_a32_32]), mem_a32_m4_32) == False +assert state.may_interfere(set([mem_a32_32]), mem_a32_m3_32) == True +assert state.may_interfere(set([mem_a32_32]), mem_a32_m2_32) == True +assert state.may_interfere(set([mem_a32_32]), mem_a32_m1_32) == True +assert state.may_interfere(set([mem_a32_32]), mem_a32_p0_32) == True +assert state.may_interfere(set([mem_a32_32]), mem_a32_p1_32) == True +assert state.may_interfere(set([mem_a32_32]), mem_a32_p2_32) == True +assert state.may_interfere(set([mem_a32_32]), mem_a32_p3_32) == True +assert state.may_interfere(set([mem_a32_32]), mem_a32_p4_32) == False + +# Test 32 bit accesses with 64 bit memory address +assert state.may_interfere(set([mem_a64_m4_32]), mem_a64_32) == False +assert state.may_interfere(set([mem_a64_m3_32]), mem_a64_32) == True +assert state.may_interfere(set([mem_a64_m2_32]), mem_a64_32) == True +assert state.may_interfere(set([mem_a64_m1_32]), mem_a64_32) == True +assert state.may_interfere(set([mem_a64_p0_32]), mem_a64_32) == True +assert state.may_interfere(set([mem_a64_p1_32]), mem_a64_32) == True +assert state.may_interfere(set([mem_a64_p2_32]), mem_a64_32) == True +assert state.may_interfere(set([mem_a64_p3_32]), mem_a64_32) == True +assert state.may_interfere(set([mem_a64_p4_32]), mem_a64_32) == False + +assert state.may_interfere(set([mem_a64_32]), mem_a64_m4_32) == False +assert state.may_interfere(set([mem_a64_32]), mem_a64_m3_32) == True +assert state.may_interfere(set([mem_a64_32]), mem_a64_m2_32) == True +assert state.may_interfere(set([mem_a64_32]), mem_a64_m1_32) == True +assert state.may_interfere(set([mem_a64_32]), mem_a64_p0_32) == True +assert state.may_interfere(set([mem_a64_32]), mem_a64_p1_32) == True +assert state.may_interfere(set([mem_a64_32]), mem_a64_p2_32) == True +assert state.may_interfere(set([mem_a64_32]), mem_a64_p3_32) == True +assert state.may_interfere(set([mem_a64_32]), mem_a64_p4_32) == False diff --git a/miasm/analysis/data_flow.py b/miasm/analysis/data_flow.py index 064532646..a0f7044b4 100644 --- a/miasm/analysis/data_flow.py +++ b/miasm/analysis/data_flow.py @@ -1877,7 +1877,7 @@ class State(object): The state is represented using equivalence classes Each assignment can create/destroy equivalence classes. Interferences - between expression is computed using `may_interfer` function + between expression is computed using `may_interfere` function """ def __init__(self): @@ -1908,9 +1908,9 @@ def __ne__(self, other): # required Python 2.7.14 return not self == other - def may_interfer(self, dsts, src): + def may_interfere(self, dsts, src): """ - Return True is @src may interfer with expressions in @dsts + Return True if @src may interfere with expressions in @dsts @dsts: Set of Expressions @src: expression to test """ @@ -2084,8 +2084,8 @@ def eval_assignblock(self, assignblock): # Remove interfering known classes to_del = set() for node in list(classes.nodes()): - if self.may_interfer(dsts, node): - # Interfer with known equivalence class + if self.may_interfere(dsts, node): + # Interfere with known equivalence class self.equivalence_classes.del_element(node) if node.is_id() or node.is_mem(): self.undefined.add(node) @@ -2104,8 +2104,8 @@ def eval_assignblock(self, assignblock): if node.is_id() or node.is_mem(): self.undefined.add(node) - # Don't create equivalence if self interfer - if self.may_interfer(dsts, src): + # Don't create equivalence if self interfere + if self.may_interfere(dsts, src): if dst in self.equivalence_classes.nodes(): self.equivalence_classes.del_element(dst) if dst.is_id() or dst.is_mem(): @@ -2137,7 +2137,7 @@ def merge(self, other): undefined = set(node for node in self.undefined if node.is_id() or node.is_mem()) undefined.update(set(node for node in other.undefined if node.is_id() or node.is_mem())) # Should we compute interference between srcs and undefined ? - # Nop => should already interfer in other state + # Nop => should already interfere in other state components1 = classes1.get_classes() components2 = classes2.get_classes() @@ -2173,7 +2173,7 @@ def merge(self, other): continue if common: # Intersection contains multiple nodes - # Here, common nodes don't interfer with any undefined + # Here, common nodes don't interfere with any undefined nodes_ok.update(common) out.append(common) diff = component1.difference(common) diff --git a/miasm/arch/mep/regs.py b/miasm/arch/mep/regs.py index b7fa2a784..be195b613 100644 --- a/miasm/arch/mep/regs.py +++ b/miasm/arch/mep/regs.py @@ -44,7 +44,7 @@ csr_exprs, csr_inits, csr_infos = gen_regs(csr_names, globals()) # Define aliases to control/special registers -PC = csr_exprs[0] # Program Conter. On MeP, it is the special register R0 +PC = csr_exprs[0] # Program Counter. On MeP, it is the special register R0 LP = csr_exprs[1] # Link Pointer. On MeP, it is the special register R1 SAR = csr_exprs[2] # Shift Amount Register. On MeP, it is the special register R2 RPB = csr_exprs[4] # Repeat Begin. On MeP, it is the special register R4 diff --git a/miasm/arch/x86/sem.py b/miasm/arch/x86/sem.py index ffa2641c0..81e45e7e2 100644 --- a/miasm/arch/x86/sem.py +++ b/miasm/arch/x86/sem.py @@ -5057,7 +5057,7 @@ def ldmxcsr(ir, instr, dst): def _select4(src, control): - # Implementation inspired from Intel Intrisics Guide + # Implementation inspired from Intel Intrinsics Guide # @control is already resolved (was an immediate) if control == 0: diff --git a/miasm/expression/expression_helper.py b/miasm/expression/expression_helper.py index 5bd2276db..81fc5c902 100644 --- a/miasm/expression/expression_helper.py +++ b/miasm/expression/expression_helper.py @@ -89,7 +89,7 @@ def merge_sliceto_slice(expr): def is_pure_int(e): """ return True if expr is only composed with integers - [!] ExprCond returns True is src1 and src2 are integers + [!] ExprCond returns True if src1 and src2 are integers """ def modify_cond(e): if isinstance(e, m2_expr.ExprCond): @@ -344,7 +344,7 @@ class ExprRandom(object): compose_max_layer = 5 # Maximum size of memory address in bits memory_max_address_size = 32 - # Re-use already generated elements to mimic a more realistic behavior + # Reuse already generated elements to mimic a more realistic behavior reuse_element = True generated_elements = {} # (depth, size) -> [Expr] @@ -450,7 +450,7 @@ def _gen(cls, size=32, depth=1): if not cls.perfect_tree: depth = random.randint(max(0, depth - 2), depth) - # Element re-use + # Element reuse if cls.reuse_element and random.choice([True, False]) and \ (depth, size) in cls.generated_elements: return random.choice(cls.generated_elements[(depth, size)]) diff --git a/miasm/jitter/jitload.py b/miasm/jitter/jitload.py index fb1c1f720..99e4429d5 100644 --- a/miasm/jitter/jitload.py +++ b/miasm/jitter/jitload.py @@ -476,7 +476,7 @@ def init_stack(self): def get_exception(self): return self.cpu.get_exception() | self.vm.get_exception() - # commun functions + # common functions def get_c_str(self, addr, max_char=None): """Get C str from vm. @addr: address in memory diff --git a/miasm/loader/pe.py b/miasm/loader/pe.py index ea7cbc529..1252e70ed 100644 --- a/miasm/loader/pe.py +++ b/miasm/loader/pe.py @@ -1110,7 +1110,7 @@ def get_funcrva(self, func): if isfromva(tmp_thunk[j].rva & 0x7FFFFFFF) == func: return isfromva(entry.firstthunk) + j * 4 else: - raise ValueError('unknown func tpye %r' % func) + raise ValueError('unknown func type %r' % func) def get_funcvirt(self, addr): rva = self.get_funcrva(addr) diff --git a/test/arch/mep/ir/test_loadstore.py b/test/arch/mep/ir/test_loadstore.py index 87343fcb9..e7b211bd4 100644 --- a/test/arch/mep/ir/test_loadstore.py +++ b/test/arch/mep/ir/test_loadstore.py @@ -83,7 +83,7 @@ def test_sw(self): [(ExprMem(ExprInt(0x1010, 32), 32), ExprInt(0xABC7, 32))]) def test_lb(self): - """Test LB executon""" + """Test LB execution""" # LB Rn,(Rm) exec_instruction("LB R1, (R2)", diff --git a/test/test_all.py b/test/test_all.py index 85ebb31f6..67d4423f7 100755 --- a/test/test_all.py +++ b/test/test_all.py @@ -713,7 +713,7 @@ class ExampleExpression(Example): ["expr_random.py"], ["expr_translate.py"], ["expr_reduce.py"], - ["interfer.py"], + ["interfere.py"], ]: testset += ExampleExpression(script)